Agent, Island: remove netstat collector and references
This commit is contained in:
parent
9220cd2f5b
commit
9e3ac63090
|
@ -7,7 +7,6 @@ import psutil
|
|||
from common.common_consts.system_info_collectors_names import AZURE_CRED_COLLECTOR
|
||||
from infection_monkey.network.info import get_host_subnets
|
||||
from infection_monkey.system_info.azure_cred_collector import AzureCollector
|
||||
from infection_monkey.system_info.netstat_collector import NetstatCollector
|
||||
from infection_monkey.system_info.system_info_collectors_handler import SystemInfoCollectorsHandler
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -72,15 +71,12 @@ class InfoCollector(object):
|
|||
def get_network_info(self):
|
||||
"""
|
||||
Adds network information from the host to the system information.
|
||||
Currently updates with netstat and a list of networks accessible from host
|
||||
Currently updates with list of networks accessible from host
|
||||
containing host ip and the subnet range
|
||||
:return: None. Updates class information
|
||||
"""
|
||||
logger.debug("Reading subnets")
|
||||
self.info["network_info"] = {
|
||||
"networks": get_host_subnets(),
|
||||
"netstat": NetstatCollector.get_netstat_info(),
|
||||
}
|
||||
self.info["network_info"] = {"networks": get_host_subnets()}
|
||||
|
||||
def get_azure_info(self):
|
||||
"""
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
# Inspired by Giampaolo Rodola's psutil example from
|
||||
# https://github.com/giampaolo/psutil/blob/master/scripts/netstat.py
|
||||
|
||||
import logging
|
||||
import socket
|
||||
from socket import AF_INET, SOCK_DGRAM, SOCK_STREAM
|
||||
|
||||
import psutil
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class NetstatCollector(object):
|
||||
"""
|
||||
Extract netstat info
|
||||
"""
|
||||
|
||||
AF_INET6 = getattr(socket, "AF_INET6", object())
|
||||
|
||||
proto_map = {
|
||||
(AF_INET, SOCK_STREAM): "tcp",
|
||||
(AF_INET6, SOCK_STREAM): "tcp6",
|
||||
(AF_INET, SOCK_DGRAM): "udp",
|
||||
(AF_INET6, SOCK_DGRAM): "udp6",
|
||||
}
|
||||
|
||||
@staticmethod
|
||||
def get_netstat_info():
|
||||
logger.info("Collecting netstat info")
|
||||
return [NetstatCollector._parse_connection(c) for c in psutil.net_connections(kind="inet")]
|
||||
|
||||
@staticmethod
|
||||
def _parse_connection(c):
|
||||
return {
|
||||
"proto": NetstatCollector.proto_map[(c.family, c.type)],
|
||||
"local_address": c.laddr[0],
|
||||
"local_port": c.laddr[1],
|
||||
"remote_address": c.raddr[0] if c.raddr else None,
|
||||
"remote_port": c.raddr[1] if c.raddr else None,
|
||||
"status": c.status,
|
||||
"pid": c.pid,
|
||||
}
|
|
@ -16,21 +16,13 @@ class T1016(AttackTechnique):
|
|||
"$project": {
|
||||
"machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
|
||||
"networks": "$data.network_info.networks",
|
||||
"netstat": "$data.network_info.netstat",
|
||||
}
|
||||
},
|
||||
{
|
||||
"$addFields": {
|
||||
"_id": 0,
|
||||
"netstat": 0,
|
||||
"networks": 0,
|
||||
"info": [
|
||||
{
|
||||
"used": {
|
||||
"$and": [{"$ifNull": ["$netstat", False]}, {"$gt": ["$netstat", {}]}]
|
||||
},
|
||||
"name": {"$literal": "Network connections (netstat)"},
|
||||
},
|
||||
{
|
||||
"used": {
|
||||
"$and": [{"$ifNull": ["$networks", False]}, {"$gt": ["$networks", {}]}]
|
||||
|
|
|
@ -16,7 +16,6 @@ class T1082(AttackTechnique):
|
|||
"$project": {
|
||||
"machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
|
||||
"aws": "$data.aws",
|
||||
"netstat": "$data.network_info.netstat",
|
||||
"process_list": "$data.process_list",
|
||||
"ssh_info": "$data.ssh_info",
|
||||
"azure_info": "$data.Azure",
|
||||
|
@ -28,7 +27,7 @@ class T1082(AttackTechnique):
|
|||
"machine": 1,
|
||||
"collections": [
|
||||
{
|
||||
"used": {"$and": [{"$ifNull": ["$netstat", False]}, {"$gt": ["$aws", {}]}]},
|
||||
"used": {"$and": [{"$gt": ["$aws", {}]}]},
|
||||
"name": {"$literal": "Amazon Web Services info"},
|
||||
},
|
||||
{
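Review bot: The replacement line `"used": {"$and": [{"$gt": ["$aws", {}]}]},` leaves a single-operand `$and`, which reads as a leftover of the removed `$netstat` clause rather than a deliberate expression. Either collapse it to `"used": {"$gt": ["$aws", {}]},`, or, if the removed `$ifNull` check was meant to guard `$aws` the way the sibling entries in this list guard their own field (the old `$netstat` reference looks like a copy-paste slip), write `"used": {"$and": [{"$ifNull": ["$aws", False]}, {"$gt": ["$aws", {}]}]},`. The enclosing `collections` list and the T1082 class continue outside this hunk.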
|
||||
|
@ -40,12 +39,6 @@ class T1082(AttackTechnique):
|
|||
},
|
||||
"name": {"$literal": "Running process list"},
|
||||
},
|
||||
{
|
||||
"used": {
|
||||
"$and": [{"$ifNull": ["$netstat", False]}, {"$ne": ["$netstat", []]}]
|
||||
},
|
||||
"name": {"$literal": "Network connections"},
|
||||
},
|
||||
{
|
||||
"used": {
|
||||
"$and": [{"$ifNull": ["$ssh_info", False]}, {"$ne": ["$ssh_info", []]}]
|
||||
|
|